package com.rykj.qxj.core;

import lombok.extern.log4j.Log4j;
import org.springframework.core.annotation.Order;

import javax.servlet.*;
import javax.servlet.http.HttpServletRequest;
import java.io.IOException;
import java.util.Iterator;

@Log4j
@Order(2)
public class SQLFilter implements Filter {
      private String inj_str = "'|and|exec|insert|select|delete|update|count|*|%|chr|mid|master|truncate|char|declare|; |or|-|+|,";
     // protected FilterConfig filterConfig = null;
      /**
       * Should a character encoding specified by the client be ignored?
       */
       //protected boolean ignore = true;
       public void init(FilterConfig config) throws ServletException {
         // this.filterConfig = config;
         //this.inj_str = filterConfig.getInitParameter("keywords");
        }

        @Override
        public void doFilter(ServletRequest request, ServletResponse response,
                      FilterChain chain) throws IOException, ServletException {
            HttpServletRequest req = (HttpServletRequest)request;
          //  HttpServletResponse res = (HttpServletResponse)response;
             Iterator values = req.getParameterMap().values().iterator();//获取所有的表单参数
             while(values.hasNext()){
                String[] value = (String[])values.next();
                for(int i = 0;i < value.length;i++){
                     if(sql_inj(value[i])){
                         log.error("====发现sql注入==="+value[i]);
                         //TODO这里发现sql注入代码的业务逻辑代码
                         return;
                     }
                }
             }
             chain.doFilter(request, response);
         }

        @Override
        public void destroy() {

        }

        public boolean sql_inj(String str) {
             String[] inj_stra=inj_str.split("\\|");
             for (int i=0 ; i < inj_stra.length ; i++ ){
                 if (str.indexOf(" "+inj_stra[i]+" ")>=0)
                  {
                    return true;
                  }
             }
         return false;
        }

}
